Static Application Security Testing (SAST) is an analysis technique for analyzing program code to detect potential problems within the source code. That is, SAST performs such analysis without actually executing (running) the source code. Potential problems with the code can include, for example, potentially insecure dataflows that can endanger either the security of safety of the program. However, static analysis tools (e.g., SAST tools) often over approximate the number of potential insecurities in a program, thus, resulting in many reported findings that are neither security nor safety relevant (e.g., false positives). In general, this leads to the need for complex and dynamic security policies as well as a significant increase in the costs for manual system audits.